Download > DualShield > Documents

Release Notes

DualShield Server 5.7.2, Released on 02/06/2014


New Features

  • » Failthru as an authenticator and failthru policy

Improvements

  • » Access Policy: support "X-Forwarded-For" proxy chain
  • » SAML: added "InResponseTo" option in the SAML response
  • » When creating a domain, allow token repository and image repository to be blank to use default values
  • » Autocomplete="off" is set for password field

Bug Fixes

  • » Failthru as OTP does not work when auth is set to "StaticPass+OTP" and "OTP+StaticPass"
  • » Audit 'Login Name' field does not list incorrect username when download token on mobileID
  • » Report failed with "No such property: long_col1 for class: com.deepnet.das.report.ReportData"
  • » Message with empty password issent out when "Require static password" is checked on T-pass token
  • » DMC web page freeze when create the Logon procedure by using Application Wizard
  • » Upgrade from 5.6 to 5.7 with Microsoft SQL Server failed
  • » Identity Source page appears to blank after one of the LDAP AD's password is updated.
  • » Upgrade from 5.6.1.0909 to 5.7.1.1105 failed on Oracle database
  • » Lockout policy doesn't count on E_RESPONSE_INCORRECT
  • » DMC does not list the imported certificate authority information
  • » After user's token assignment expired, the user will be able to login without using 2-factor authentication
  • » SSO login using principal name look up domain failure
  • » Salesforce SAML failed due to user name incorrectly filled when using principal name
  • » Ldap user password expired or must change password error code is not returned, always got "credential incorrect".
  • » Multiple AD password authentication attempts in one logon attempt
  • » X-Forwarded-For is not handled correctly in SSO

DualShield Server 5.7, Released on 10/30/2013


New Features

  • » DualFence - MFA for BYOD
  • » Supports Syslog
  • » Supports Google Authenticator
  • » Apache Tomcat Integration
  • » Scripting in RADIUS attribute and SAML SP attribute

Improvements

  • » Dial Prefix
  • » Application Wizard
  • » TeleSign SMS & Voice Gateway
  • » Active Direcotry Browsing Pagenation
  • » F5 BigIP support via SAML
  • » New SAML signing option: sign on assertion or/and response
  • » New T-Pass policy: Available Channels
  • » New Session Variable: session.usedAuthenticators
  • » RADIUS attributes can be bound to RADIUS clients
  • » General performance

Bug Fixes

  • » Users were able to request a certificate when the certificate request policy was set as 'Deny'
  • » Exporting certificate to PKCS12 file did not ask for a new password

Windows Logon 5.6.1.1015, Updated on 10/15/2013


Bug Fixes

  • » When typing username into appropriate field, the product automatically tabs down to the password field


DualShield Server 5.6, Updated on 09/26/2013


Bug Fixes

  • » When a biometric token is not ready, trying to use it to logon caused the user account to be locked up.
  • » Resetting a TypeSense token did not work if the user had downloaded the token to client machine

Improvements

  • » Added a new event: TYPESENSE_TRAINING_FINISHED
  • » Added a new policy option for Time-Based OTP Token: Enable Automatic Synchronisation

Windows Logon 5.6, Updated on 09/23/2013


Bug Fixes

  • » While attached to the local network by changing the domain to the local machine name then putting in their domain UPN in the username, it was possible to bypass two-factor authentication.
  • » In some cases, the input focus was automatically moved to the password field while the user is entering their username
  • » TypeSense policy was not synchronised with offline logon

Improvements

  • » Improved message description of "E-TYPESENSE-TRAININGFAIL: 6: ks_data_parser return with error 1397752"

RADIUS Server 5.6, Updated on 09/17/2013


Bug Fixes

  • » No RADIUS Access-Response on Aruba 3600 controller

Improvements

  • » Allow unknown vendor-specific attribute to be empty
  • » General performance

DualShield 5.6 SP6


New Features

  • » Multi-selection of authenticators in RADIUS C/R

Improvements

  • » Improve TOTP token out-sync handling
  • » Improve TOTP auditing
  • » Added new debug log options
  • » System time drift detector
  • » System low performance warning
  • » System caches is reloaded automatically in clustering environment
  • » Added X-Frame-Options to avoid clickjacking
  • » Added F5 RADIUS attributes
  • » RADIUS server performance

Bug Fixes

  • » Upgrade from 5.3 to 5.6 got exception: "collection was not processed by flush()"

DualShield 5.6 SP5


New Features

  • » 2X: Supports 2X native integration (2X Application Server v10.6)
  • » RADIUS: New RADIUS client option: "Strip the realm from username at authentication"
  • » RADIUS: Supports Password Change in RADIUS Challenge/Response
  • » IIS Agent: IP Filter supports X-Forwarded-For

Improvements

  • » Emergency Code can now be deleted
  • » Windows Logon: Sometimes when starting the computer, only local computer shows up in the Domain list.
  • » Outlook Anywhere: DualShield Outlook Anywhere client now supports Microsoft Outlook Client 2013

Bug Fixes

  • » Windows Logon: on Windows 7, when a PC is locked, switching user and entering a wrong password will cause infinite loop.

DualShield 5.6 SP4


New Features

  • » Added "Token PIN" as an Authenticator for RADIUS-based applications.
  • » Supports Token PIN Change in RADIUS Challenge/Response

Improvements

  • » The length of token's PIN can be varaible.

DualShield 5.6 SP3


New Features

  • » Added support for OpenLDAP

Improvements

  • » DAS now checks access control policy when checking radius proxy policy
  • » DAS now checks system RADIUS proxy policy when user is not found.
  • » DAS now checks IP access control policy when checking radius proxy policy
  • » Added "concat=5" to clickatell request to avoid error "Max message parts exceeded"
  • » Made Identity Attribute 'type' editable
  • » Windows Logon Agent installer: change the agent registration dialog, use server address and port. Avoid the http/https mistake
  • » IIS Agent: Cross application pool authentication cache. Solved download offline address book issue.

Bug Fixes

  • » The second date/time slot in an access control policy is not working
  • » After user changed their info in DSS, user's info in DMC becomes uncertain.
  • » DMC can't generate token PIN with letters
  • » "User Must change Default PIN at Next Logon" does not work on MobileID & T-pass
  • » Radius Command does not trigger T-pass token auto provisioning
  • » Radius Proxy does not support long length password
  • » Certificate Activation Code length and character requirements does not work
  • » FlashPass Device Filter 'Allowed' & 'Denied' policy do not work properly
  • » No logs in audit when a cached password is used to login
  • » GridGo "Change Default Path" does not work
  • » Resetting event-based SafeID token caused error
  • » Some search filters for User don't work (Last Change Password, DN, etc)
  • » 'Send AC to user when created or assigned' does not work on Certificate Policy
  • » RADIUS attribute of the type Octets does not accept alphabetic letters
  • » Batch assign token will skip some tokens if the import file contains more than one kind of products.
  • » DMC: In Unit info dialog, the name field is showing the parent's name
  • » DMC: Does not support the XML format for importing user
  • » DMC: List duplicate delivery channels by click 'Update' button on Token Activation Code Window
  • » DMC: 'Save' action does not work after editing the Format and Priority on SMTP Message Template
  • » DMC: Option 'Remove assigned tokens' does not work on "Delete Tokens by Product" Task
  • » DMC: When complete a Certificate Request, got "Error: Parameter error: ['id' expected]"
  • » DMC: Complete Certificate Request pops up an error "Parameter error id expected"
  • » DMC: Some unsupported wildcards are listed in sms template
  • » DMC: 'Token is not found' when manually request activation code on Certificate.
  • » SSO: Got NullPointerException when no result item is in the server response
  • » SSO: Q&A logon steps returns an error message
  • » RADIUS Server: Password encoding algorithm is incorrect when password is longer than 16 bytes
  • » Windows Logon: On Windows 8 and Windows Server 2012, the logon client's background was sometime displayed incorrectly.

DualShield 5.6


New Features

  • » Support IBM Domino Directory Server
  • » Support IBM Tivoli Directory Server
  • » Support IBM Tivoli Access Manager WebSEAL
  • » Support 2X Application Server
  • » Support password authentication for LDAP users via MSCHAP2
  • » New policy option: Random Default PIN
  • » Windows Logon: Support AD domain suffixes
  • » Windows Logon: Support Single Sign-on (Windows 2008+)

Improvements

  • » Windows Logon Agent installer: Auto Registration supported
  • » RADIUS Server installer: Auto Registration supported
  • » Reclaim user licenses from orphaned users.
  • » License key transfer
  • » Upgraded to Twitter API 1.1
  • » Nested user group made visible in the Management Console
  • » RadiusAttribute and RadiusProfile become public objects
  • » Windows Phone 8 is recognized by provisioning server
  • » DMC/DSS Logout event is logged

Bug Fixes

  • » Creating certificate on Linux was extremely slow.
  • » Sending the next OTP (T-Pass policy) did not work if MSCHAP2 was used in RADIUS and the authenticator was StaticPass+ODP
  • » Audit export failed on Linux although it reported success.
  • » Cryptokey firmware upgrade did not work
  • » CryptoKey firmware options lost after restarted DualShield service
  • » Sending activation code caused exception "Error: Cannot get property 'options' on null object"
  • » When pin was due to be changed, the GridGo credential was not checked when resetting pin
  • » SafeID activation code was not sent when required by policy
  • » DMC did not check a token’s email address in the Push Token function
  • » Windows Logon: Access Control policy

DualShield 5.5 SP2


New Features

  • » Offline tokens for Windows & Mac logon can be downloaded automatically.

Improvements

  • » HTTP Proxy (of Message Gateways) did not work
  • » MS-CHAP2-Success attribute in RADIUS response was not implemented correctly
  • » Resetting Path for GridID generated error
  • » Login to safe mode did not work in previous releases of 5.5

Bug Fixes

  • » Email gateway checkboxes did not work

DualShield 5.5 SP1


New Features

  • » Resetting GridGo Path in SSO

Improvements

  • » New report template: "Users with Q&A Enabled"
  • » New policy option "Generate Random Path for New Token" in GridGo Policy
  • » New policy option "User Must Change Default Path at Next Logon" in GridGo Policy
  • » New policy option "User Must Change Default PIN at Next Logon" in GridGo Policy
  • » New policy option "Display Keypad" in GridGo Policy
  • » Remove "Status" when assigning token to an user in DMC
  • » New wildcards [[PIN]] and [[PATH]] in sending activation code template in DMC
  • » New "User Must Reset Path at Next Logon" option in reset path window of DMC
  • » Improve navigation by clicking grid cells of GridGo in SSO
  • » Seperated PIN input field when logging on with GridGo in SSO
  • » Shows a navigator when keypad is not displayed in SSO

Bug Fixes

  • » Email gateway checkboxes did not work

DualShield 5.5


New Features

  • »  ICE Logon Procedure
  • »  SSO Federation
  • »  Multiple Communication Gateways
  • »  AD Password Cache for Web & Windows Logon
  • »  FaceSense for Web & Windows Logon
  • »  VoiceSense for Web Logon
  • »  DevicePass for Window Logon
  • »  Q & A for VPN Logon

Improvements

  • »  TFA for Outlook Anywhere vastly improved with both "Client-less" and "Client mode" options
  • »  AD Identity source authentication now supports User Principle Name (UPN) and Down-Level Logon Name (loginname@domainname and domainname\loginname)
  • »  New policy option "Maximum Number of Uses" in T-Pass

Bug Fixes

  • »  "Deploy Tokens" in Domain/Unit/Group caused exception
  • »  T-Pass did not use the channel policy option to send next OTP.
  • »  Setting domains of a role would clear all permits
  • »  Domains with identical NETBIOS name caused Cross-Realm Domain Access error
  • »  The TypeSense training 'reset' icon was missing from the Window logon client x64 version
  • »  TFA bypassed if the UPN is used and the Enter key is pressed swiftly after username and password were entered
  • »  TFA bypassed if the login name was changed before the previous query returned.
  • »  If IPv6 enabled, Windows Logon configuration was not reloaded after the Save button is clicked.

DualShield 5.4 (SP3)


Bug Fixes

  • » The Audit Purge task causes exception

DualShield 5.4 (SP2)


Bug Fixes

  • » Registering GridID token in Self-service console causes exception
  • » Backend & Frontend installation options did not work properly

New Features

  • » "Deploy Tokens" will trigger the Client Provisioning policy option

DualShield 5.4 (SP1)


New Features

  • » Q&A is supported in RADIUS

DualShield 5.4


Bug Fixes

  • » MSCHAP2 did not work in RC2
  • » TPASS via CHAP/MSCHAP2 did not work in all previous versions
  • » Typesense only logon procedure password changing did not work properly.
  • » Q&A policy option maxsize and throttle was not checked
  • » Changing RADIUS attribute columns width caused exception in accounting/Radius report
  • » When failed to change password (via SSO), the audit showed succeeded.

DualShield 5.4 RC2


Bug Fixes

  • » Windows Logon was not functional in RC1
  • » SMTP TLS authentication did not work

DualShield 5.4 RC1


New Features

  • » Computer device authentication: DevicePass
  • » USB flash drive authentication: FlashPass
  • » Certificate authentication
  • » Certificate management
  • » RADIUS EAP/PEAP protocol
  • » RADIUS accounting
  • » Outlook Anywhere integration
  • » Exchange ActiveSync integration
  • » MobileID for Windows Phone

Improvements

  • » Approximate Matching in Q & A
  • » MobileID installer supports installation for current user only without admin privileges
  • » When the SMTP server doesn't require authentication, the system still works even the "require authentication" option is enabled in the SMTP server configuration
  • » New "bytes" function added to support RADIUS attribute mapping from string to bytes (octets)
  • » New "ReportResult" object added in role permits
  • » Dictionary for Infoblox added into the RADIUS server

Bug Fixes

  • » RADIUS logon: When the logon policy was set to "multi-factor is not required for all users", user could login with arbitrary password
  • » Windows Logon: Token provisioning did not work properly
  • » VMWare Logon: S_MFA_NOT_REQUIRED was incorrectly treated as failure
  • » RADIUS server: If the value of an attribute was great than 2^31, it was treated as minus signed integer.
  • » If "Valid for N minutes" was set to 0 in T-PASS policy, the code became invalid immediately.
  • » When a user had no token, Q&A defined in the logon procedure was not listed
  • » Role permit "Audit:view" did not work properly.
  • » Using radius command ">email user" caused exception if the SMTP server cannot relay the message
  • » Enhanced group membership checking to avoid looping membership
  • » Batch assign token had an error in its statistics
  • » Connecting a Radius proxy to Radius server caused exception "java.lang.ClassCastException"
  • » Opening role list tab caused "Cannot invoke method join() on null object"

DualShield 5.3


New Features

  • » Reporting
  • » Application self-test
  • » Default token PIN applied dynamically at runtime if it is required by the policy
  • » New wildcard [PIN] in the Send OTP template
  • » Reset LDAP user password via Management Console
  • » RADIUS accounting port (1813) is supported

Improvements

  • » The performance of AD connection is greatly improved
  • » The performance of the SSO server is greatly improved
  • » Login name is now case insensitive when authenticating via RADIUS/MSCHAP2
  • » During Safe Mode, the management console is only accessible from local machine
  • » When a user changed their static password, their TypeSense is automatically reset Li>Speed up authenticator listing at windows logon

Bug Fixes

  • » Pushing a token immediately generates an activation code, causing it to be always out of sync
  • » Token auto-sync did not work
  • » OTP in the "Register Token" did not work
  • » Assigning token from self-service would cause "access denied - token:assign" error
  • » Unable to unassign a token if the associated user is deleted in Active Directory
  • » MobileID got an error message 'Compulsory attributes missing' and it fails to install on java phone
  • » Expiration of Emergency Code did not work properly
  • » Searching LDAP users in OU did not work when the identity source's BaseDN is in different uppercase or lowercase to the LDAP server
  • » MobileID token download page for iphone/android did not select the given domain by default
  • » Windows logon did not reliably detect AD password expiration

DualShield 5.2


New Features

  • » New Mac Logon Agent
  • » New Access Control policy by IP addresses
  • » New option for installing MobileID token onto iPhone and Android
  • » Windows agent auto-discovery by DNS look-up
  • » Windows client diagnosis tool
  • » New task for changing token’s PIN

Improvements

  • » RADIUS server now supports multi-character sets
  • » Windows agent auto-discovery speeded up by local cache
  • » RADIUS servers logs the incoming request if its IP doesn't match any radius client

Bug Fixes

  • » RADIUS & VMWare View challenge response bug: sending OTP caused NULL pointer exception
  • » Special characters in LADP’s Access DN were not correctly escaped
  • » Searching users with some filters caused exception
  • » Windows offline token synchronisation
  • » Widows agent uninstaller did not remove the local token database file

Known Issues

  • » The option "Bypass two-factor authentication if the DualShield Server is not contactable" in the Windows Logon Agent does not function properly.

DualShield 5.2 RC2


New Features

  • »  Application Wizard

Improvements

  • »  Audit Export
  • »  IIS 7 Agent now supports 64bits & 32bits mixed mode

Bug Fixes

  • »  MobileID push and download URL were incorrect
  • »  A pending or expired token assignment was incorrectly counted as an active assignment

DualShield 5.2 RC1


New Features

  • »  Improved installer offering frontend & backend servers installation
  • »  Provisioning Server can be installed as a standalone server
  • »  Support multiple message templates
  • »  New offline policy for Windows logon
  • »  New IP Filter for the Windows logon agent
  • »  New IP Filter in the general logon policy
  • »  New VMWare View Agent
  • »  Import users from a CSV file
  • »  Import tasks from a script file
  • »  Support encrypted token seed file
  • »  Support agent auto registration
  • »  Safe Mode

Improvements

  • »  RADIUS authentication method now changed to logon procedure, offering C&R and real-time delivery of T-Pass one-time password in a multi-step logon procedure.
  • »  Support Token Auto-Provisioning in RADIUS logon
  • »  Policy options of Challenge Code moved to product
  • »  Support multiple tokens of different types in a single seed file
  • »  Provisioning Server detects Blackberry mobile phones
  • »  New feature, e.g. pushing token added to the self-service console

Bug Fixes

  • »  The Access User for LDAP had to reside in the Base DN
  • »  Server OTP in MobileID two-way authentication was incorrect
  • »  GPRS modem did not work
  • »  Authenticator list in Windows Logon went beyond domains in the realm
  • »  PIN history could not be disabled
  • »  Activation Code was not disabled after the token was downloaded
  • »  Challenge Code was not purged after expiration

DualShield 5.1


Bug Fixes

  • » Login to the management console with an LDAP user may cause Hibernate Exception
  • » The default policy and token attributes for a manually created authentication product is incomplete.
  • » "Challenge Sent" in audit trail logged with wrong type "FAILURE"
  • » The characters (\r\n) are not escaped in audit export file

Improvements

  • » Introduce two new domain attributes: "DNS Name" and "NetBios Name" in order to support multiple domains in a realm that’s assigned to a Windows Logon application.
  • » Record VPN client IP address in audit trail.

DualShield 5.1 RC2


Bug Fixes

  • » Access Control for Unit is effective but time period did not work properly
  • » After upgrading from old versions, an old policy created by previous versions may not contain newly introduced policy options
  • » When login to management console with an LDAP user, the group/unit query result may not be correct.

DualShield 5.1 RC1


New Features

  • » Access Control policy
  • » RADIUS authentication method: "Static Password >> Challlenge/Response"
  • » Set and reset PIN in RADIUS logon by new commands: >setpin and >resetpin
  • » Set and reset PIN in SSO logon
  • » Export and purge audit trail
  • » Support encrypted RSA SecureID seed data
  • » Support VASCO DigiPass tokens
  • » Support Oracle database
  • » Support PostgreSQL

Improvements

  • » MobileID client and token provisioning
  • » PIN policy moved to product policy
  • » "Require Static Password" option moved from logon procedure to T-Pass policy
  • » Other minor improvements

Bug Fixes

  • » SSL/HTTPS installation
  • » Requesting OTP via RADIUS commands, e.g. >sms did not work
  • » RADIUS attributes/profile attached to groups and units did not work
  • » Sending Emergency Code by SMS results in "Communicator error"
  • » RADIUS authentication "Static Password >> OTP" did not work with T-Pass
  • » RADIUS authentication "Static Password >> OTP" did not work with GridID
  • » Failthru authentication needs a dummy OTP token
  • » Other minor bugs

Known Issues

  • » Challenge & Response does not work on MobileID/iPhone
  • » Challenge & Response with PIN does not work on all MobileID clients
  • » Failthru as OTP does not work with "Static Password + OTP" and "OTP + Static Password"